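# Image for pilot-discovery built on Ubuntu, with a set of network debugging
# tools installed and the binary run as the istio-proxy user (UID 1337).
#
# NOTE(review): ubuntu:jammy is a mutable tag and the RUN step below also runs
# `apt-get upgrade`, so two builds of this file can produce different images.
# Pin the base by digest if reproducible builds are required.
FROM ubuntu:jammy

# Build-time only. ARG values are visible to RUN steps but, unlike ENV, are
# not baked into the environment of every container started from the image.
ARG DEBIAN_FRONTEND=noninteractive

# Do not add more stuff to this list that isn't small or critically useful.
# Every tool here is also available to anything that gains code execution in
# the container. If you occasionally need something on the container do
#   sudo apt-get update && sudo apt-get install <package>

# Install the debug tooling, refresh the CA bundle, apply pending package
# upgrades, then remove apt/dpkg caches and logs in the same layer so they do
# not persist in the image. Finally select the legacy iptables/ip6tables
# backends through update-alternatives.
# hadolint ignore=DL3005,DL3008
RUN apt-get update && \
    apt-get install --no-install-recommends -y \
        bsdmainutils \
        ca-certificates \
        conntrack \
        curl \
        iproute2 \
        iptables \
        iputils-ping \
        knot-dnsutils \
        lsof \
        net-tools \
        netcat \
        sudo \
        tcpdump \
    && update-ca-certificates \
    && apt-get upgrade -y \
    && apt-get clean \
    && rm -rf /var/log/*log /var/lib/apt/lists/* /var/log/apt/* /var/lib/dpkg/*-old /var/cache/debconf/*-old \
    && update-alternatives --set iptables /usr/sbin/iptables-legacy \
    && update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy

# Sudoers used to allow tcpdump and other debug utilities.
# NOTE(review): `NOPASSWD: ALL` gives the runtime user passwordless root inside
# the container, so the `USER 1337:1337` line below is not a privilege
# boundary. If only specific debug commands are needed, restrict the rule to
# those binaries; otherwise treat this image as debug-only.
RUN useradd -m --uid 1337 istio-proxy && \
    echo "istio-proxy ALL=NOPASSWD: ALL" >> /etc/sudoers

# BASE_DISTRIBUTION is used to switch between the old base distribution and distroless base images
# NOTE(review): declared after FROM and not referenced by any instruction in
# this listing; it only keeps `--build-arg BASE_DISTRIBUTION=...` accepted.
ARG BASE_DISTRIBUTION=debug

# Version is the base image version from the TLD Makefile
# NOTE(review): likewise not referenced by any instruction in this listing.
ARG BASE_VERSION=latest

# TARGETARCH selects the per-architecture directory in the build context;
# it falls back to amd64 when the builder does not set it.
ARG TARGETARCH
COPY ${TARGETARCH:-amd64}/pilot-discovery /usr/local/bin/pilot-discovery
# COPY ${TARGETARCH:-amd64}/dlv /usr/local/bin/dlv

# Copy templates for bootstrap generation.
COPY envoy_bootstrap.json /var/lib/istio/envoy/envoy_bootstrap_tmpl.json
COPY gcp_envoy_bootstrap.json /var/lib/istio/envoy/gcp_envoy_bootstrap_tmpl.json

# Run as the istio-proxy UID created above (numeric UID:GID form).
USER 1337:1337

# Exec form: pilot-discovery is started directly, without a wrapping shell.
ENTRYPOINT ["/usr/local/bin/pilot-discovery"]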